OOB access in ldap_escape

Kurzinfo

Veroeffentlicht: 2024-11-21 18:15 UTC Importiert: 2026-05-14 18:44 UTC Quelle-ID: php_sec uid_hash: c472cecf232eedca127559a2bbeea2b2587a6a1f1b3afb7e6f2c0ef5a55bbc78
PHP Security (php/php-src GHSA)

Inhalt

Impact

Uncontrolled long string inputs to ldap_escape on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Details

This issue affected HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-1916 Patch: https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2020-1916

 - - - -

CVE-2024-8932

 - - - -

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
PHP Security (php/php-src GHSA)

php_sec

 vendor_advisory php, runtime - de https://github.com/php/php-src/security/advisories
Zurueck zur Eintrags-Liste